Looking for some help with Nginx Proxy Add-on

bphillips921 · September 25, 2021, 2:34am

I’m dumb when it comes to some of this routing stuff and I can’t find instructions, that are detailed enough for me, to figure this out.

I have Nginx configured on my machine, here is the config

domain: mydomain.duckdns.org
certfile: fullchain.pem
keyfile: privkey.pem
hsts: max-age=31536000; includeSubDomains
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

I can get to my machine externally using https://mydomain.duckdns.org:8123 or https://mydomain.duckdns.org:443 (reroutes to https://mydomain.duckdns.org:8123). I’m looking for the configuration that allows me to drop the port number at the end of the URL.Can anyone help me with this?

eXtatic · September 25, 2021, 11:06pm

Maybe try the NGINX Proxy Manager Addon, it provides a simple GUI for configuration.

443 is the standard port for https so you can omit it.
The proxy shouldn’t route to https://mydomain.duckdns.org:8123/ but [your local ip]:8123

mobile.andrew.jones · September 26, 2021, 12:17am

What do you have under the

http:

config in the Home Assistant configuration.yaml file?

bphillips921 · September 26, 2021, 3:40am

Here’s my config.

http:
  # Secrets are defined in the file secrets.yaml
  cors_allowed_origins:
    - https://192.168.1.111:7080
    - https://reformedreality.com
    - http://reformedreality.com
  base_url: https://mydomain.duckdns.org
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.

mobile.andrew.jones · September 26, 2021, 11:37am

Ok, let’s start there, you either have SSL in the Home Assistant configuration.yaml OR Nginx. Don’t have it in both. Comment out the SSL bits in Home Assistant configuration, validate config and then restart. By default Home Assistant should run on port 8123 with no SSL, the Nginx add on will then proxy all requests arriving at port 443 through to Home Assistant on port 8123.

Your http config however needs a few things added to be able to actually accept requests from Nginx:

This is my ENTIRE http config section:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

bphillips921 · September 27, 2021, 2:55am

I commented out the SSL info in the config but then I couldn’t access HA from WAN at all. I could only login on LAN via http://192.168.1.111:8123. I even had to add the “http” to get it to work

mobile.andrew.jones · September 27, 2021, 3:12am

Have you verified that your router is actually setup to port forward connection requests coming to port 443 through to the Home Assistant local IP address on port 443?

Yes that is how my config works, I can access Home Assistant locally using port 8123 but via http, or I can access it via the full domain name (both internally and externally) using https on port 443 (which I don’t need to add to the URL)

Edit:
Please remember that you DO actually need this -

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

Without the trusted proxies, then Home Assistant will reject requests from Nginx. The address 172.30.33.0/24 is correct for Home Assistant supervised installs and the Home Assistant OS. But if you have installed Home Assistant in a different way, then the IP address might be different, so please ensure that the IP address you use is correct. The Home Assistant log will tell you the IP address of requests that were rejected because they weren’t listed as a trusted proxy.